Contents
01 Proposal background
02 Product summary
03 Product configuration
04 Purpose of introduction
05 Effect of Investment
06 Product's main function
07 Guide of mobile security build-up
08 Reference
Copyright ⓒ 2013 Extrus Inc. All rights reserved
01 Proposal background
Coming era of 20 million people using Smartphones: Smart era!!!
[Chart: 2G Phone, 3G Phone, Smart Phone; years 2007, 2008, 2009, 2010, 2011, 2012, 2015, 2020; values 5%, 50%, 90%]

Main Function
- Web Search
- Document using Word, Excel, PPT, etc
- Communication using SNS, Messenger, etc
- Video taping
- Intranet access using smart devices
- Smart devices as portable media storage
- Receiving and sending intranet or web email

Main security threat
- Data loss by stolen or lost devices
- Infection of malicious code
- Hacking wireless network
- Modulation of platform
- Business data loss by insider using smart devices
- Important data loss by stolen or lost smart devices

- Vulnerability and security threat of smart devices to increase dangerousness
- Wireless communication, tethering, and portable media storage
- Screen capture, camera, voice recording to steal information
- Business or personal data loss from smart devices
- Data loss by accessing to business sites
- Non-reusable by personal data loss
- Use of individual devices for business: 81%
- Suspected network access through Wi-Fi: 31%
- Lending business devices to others: 41%
- No password or lock-up set: 37%
- Unencrypted documents or files: 33%
- Personal devices used in companies that do not allow BYOD: 66%
- Experience of infection by malicious or hacked code: 25%

The need for a management system that supports and manages various mobile devices, depending on whether the company allows BYOD, is increasing!!

Main agent: IT department, high-ranking officers, etc. <Quoted from Tech IT article on July 16, 2012>
02 Product summary
(Mobile Device Management)
- Management and security of mobile devices
- Distribution of essential mobile apps (deployment management based on OTA)
- Management of smart devices from robbery or loss
- Asset management of smart devices
- Support of Android, iOS (tablet PC, Smart phone)
02 Product summary
Product configuration

Section: Policy server
Main items:
• Exafe MDM S/W Manager
- Device policy management for various platforms
- Important information back-up and restoration for loss management
- Remote command transmission and history management
- Audit log management for audit
- Integration of self Push and SMS Push for remote control

Section: Administrator console
Main items:
• Exafe MDM Admin Console
- Centralized device management
- Security policy management based on group and condition
- Present situation management of using smart devices
- Device management by remote control (robbery and loss management, mobile office apps management)
- User, group, and administrator's information management
- Personalization management service

Section: Smart device agent
Main items:
• Exafe MDM Agent
- Support of smart device platform (Android, iOS)
- Planned support for Windows Mobile
- Robbery and loss management
- Reception and execution of security policy
- Management of mobile office apps store for enterprise
- Log generation and transmission
03 Product Configuration
Configuration Diagram
[Diagram labels: Extranet; DMZ / Intranet; Smart devices; Administrator; Linked server; MDM policy server; Log, back-up file (management in S.F CFS or DB); Repository (DBMS)]
PAP: Push Access Protocol, AMF: ActionScript Message Format
Diverse ways of Message Call: vendor-supported push, self-organized push and support of SMS (optional)
04 Purpose of introduction
- Establishing standard solution of information security for smart devices for business
- Complying with security spec of National Intelligence Service and 'Information security guideline for smart work' of Financial Supervisory Service
- Protection of enterprise assets from important business data loss by robbery or loss of mobile devices
- Establishment of integrated control system of smart devices
Complying with information security guideline for smart work of National Intelligence Service
(Section / Detailed requirements / Proposal of product)

Section: Smart device security

User authentication (Proposal of product: Exafe mPKI + Exafe KeySec)
Execution time
A. Execution of the user authentication when operate
B. Execution of the user authentication when un-lock
C. Logging off automatically from business server when no input within predetermined time
Authentication method
A. Use of complicated password
B. Prohibition of plain text for password
C. Only security manager can un-lock when failed to authenticate several times
D. Execution of authentication by password or electronic signature

Dealing with malicious code (Proposal of product: Exafe Vaccine)
Anti-virus
A. Installing anti-virus software
B. Maintaining the newest condition of the engine
C. Regular inspection
D. Checking whether modulated platform is used or not (jailbreak, rooting, etc.)

Control of data loss (Proposal of product: Exafe MDM)
Checking whether data is saved or not
A. Control of saving data, policy of loss and robbery for business software
Policy of loss and robbery
A. Support of remote wiping function for stolen or lost smart devices
B. Function of locking device constantly applied
- Logging off automatically when no input within predetermined time
- Use or access control when input error several times
Access control of storage medium
A. Access and data transmission control between smart devices and business PCs
- Only storage medium permitted by security manager can only used to smart devices
Access control to hardware resources
A. Only permitted programs can access to hardware such as microphones, GPSs, cameras, etc
B. Control of output and screen capture
- Control of output and screen capture by printer, camera, etc. for business data or screen.

Section: Service security (Proposal of product: Exafe AppDefense)
A. Prohibition of distribution of apps related with services through public app store (prohibition to non-permitted third-parties)
B. Controlling the access to service when update is not accomplished and executing an inspection of the integrity for each important time such as distribution, installation, update, etc.
Complying with 'Information security guideline for smart work' of Financial Supervisory Service
(Section / Detailed requirements / Proposal of product)

Section: Smart device security
Providing protection against security threat of smart devices such as infection of malicious code, robbery/loss

Prevention from malicious code infection (Proposal of product: Exafe Vaccine)
A. Preventing from OS modulation, and maintaining newest security patch for operating system
B. Installing vaccine programs, maintaining newest engine condition, and regular inspection with real-time monitoring
- For installable devices, downloaded files from internet will be inspected regularly before used
(Additional consideration) Communication and execution of other processes will be controlled during the action of business program

Coping with robbery or loss (Proposal of product: Exafe MDM)
A. Constantly applied locking in function for devices
- Logging off automatically when no input within predetermined time
- Use or access control when input error several times
B. Blocking the access and remote locking of stolen or lost devices
C. Remote wiping of saved program and information in stolen/lost devices

Control of data loss (Proposal of product: Exafe MDM)
A. Control of the information transmission through devices (including server)
- Regulated targets: Bluetooth, Wi-Fi, SD card, etc
B. Control of output and screen capture
- Control of output and screen capture of business data/screen through printer, camera, etc.
(Additional consideration) Control of camera, video/voice recorder of devices
(Additional consideration) Control of installation of programs: allowing only permitted programs

Section: Service security
Protection from security threat such as hacking through smart work services and accessing without notice by third-parties in the area of business services

Authentication security (Proposal of product: Exafe mPKI + Exafe KeySec)
A. (User authentication) multiple authentication by authentication certificate other than user account (ID)/password
B. (Device authentication) device authentication by certificate or unique information
C. Preventing from exposure and fake/modulation when input and transmit authentication information
(Additional consideration) Authentication with more than two information when authenticate devices

Service security (Proposal of product: Exafe AppDefense)
A. (Distribution of business program) Prohibition of distribution of apps related with services through public app store (prohibition to non-permitted third-parties)
B. (Business service protection) Controlling the access to services and executing an inspection of the integrity for each important time such as distribution, installation, update, etc. when update is not accomplished
05 Effect of Investment
- Management using user authentication
- Coping with newest malicious code
- Protection of important data
  - Control of storage medium
  - Prevention of screen capture
  - Measure for robbery or loss
- Protection of Mobile OS
- Resource management
  - Use of authorized programs (GPS, camera, etc)
- Installing permitted or signed S/W by institutions
- Prevention of internet connection by non-permitted devices
- Business reliability improvement by tightening security of smart work environment
- Preparation for in/outside audits by implementing mobile security system
- Reducing individual complaints caused by BYOD policy of the company
- Pro-active of possible data loss occurred by mobile devices
- Improving productivity of the company by managing business applications
06 Product's main function
Remote control command and asset management by coping with robbery, loss

Exafe MDM can manage company assets by deleting critical data or querying location information when data is lost or stolen through negligence while important company business is carried out on company or personal smart devices.

[Diagram labels]
Acquirement of smart device information
- H/W, basic information of devices
- Resource information of devices
- Communication capacity information
- Heartbeat state
- Query of state information
Management of stolen or lost devices
- Stolen or lost state registration
- Searching device location information
- Locking in devices
- Remote wiping important information
- Factory default
- Control of phone call
Backup / Restoration
- Important information back-up of devices (address book or call log)
- Important information restoration of devices (address book/call log)
Help desk
- Remote control history of each device
- Personalization service
- Administrator's emergency call
- Identifying previous state through the previous and remote control history
Remote locking in smart devices
- Locking in device (limited functions)
- Impossible key manipulation, data extraction
Other labels: user, Administrator, Administrator console
Managing information of smart devices

Exafe MDM regularly checks the state information of smart devices once the company's or individuals' smart devices are registered. Various information (OS, memory, CPU, model, platform, etc.) of smart devices can be monitored or queried remotely. Also, various search functions can be implemented, such as querying of data traffic through cooperation with the telecommunication companies.

[Diagram labels]
Areas: User area, Server area, Administrator area
Message server: 1. Own Push 2. Vendor-provided Push 3. SMS
Flow labels (numbered 1 to 6 in the diagram): selection of devices; requesting information query of devices; requesting information of devices (H/W, S/W); requesting remote information of devices; execution of remote search request; execution of management; execution state; registering information (S/W, H/W) of devices by request; hardware info, software info

Management of devices' setting
- Time setting for lock-up of screen
Management of wireless AP for access
- Wi-Fi access, access information of AP
- Querying to AP information to access data through Wi-Fi
H/W resource management
- H/W specification query by remote request (CPU, M/M, HDD, MAC, OS, etc)
- Summary of used amount of session or traffic
S/W resource management
- Querying list of installed and executed apps
- Leading essential apps to update
- Leading apps to install, update, delete
Improving work efficiency by managing business apps

Exafe MDM can improve work efficiency by managing the policy of apps other than business apps when you carry out important business with smart devices of the companies or individuals.

[Diagram labels: Administrator (setting security policy); Policy server (transmitting security policy to smart devices); ① Device search; ② Managed business apps; ③ Unmanaged user apps; in connection with user content (changing standard of policy conditions)]

Condition #1: Security policy used inside the company
Applying to security policy (policy condition #1)

Policy item        Set value
stock apps         block
kakaotalk          block
internet apps      block
camera/recorder    block
business apps      permit

Condition #2: Security policy used outside the company
Applying to security policy (policy condition #2)

Policy item        Set value
stock apps         permit
kakaotalk          permit
internet apps      permit
camera/recorder    permit
business apps      block
Prevention of screen capture including important information

Exafe MDM cuts off the paths by which confidential information can be revealed through screen capture and a camera when you carry out important business with smart devices of the companies or individuals.

Tightening security by preventing screen capture of important information
- Control of screen capture and camera module
- Control of capture shortcut keys on Android or iOS
- Control of camera module apps (complete control of the camera apps)
- Giving a permission to use for each manager or user

Checking device rooting / perception of network access
- Perception of 3G & Wi-Fi access
- Perception of executing an emulator

[Diagram labels: Exafe MDM; Mobile Device (Smart Phone/Tablet) (Android/iOS)]
Control of network devices

Exafe MDM reduces communication cost by managing devices against the threats that can occur over communication channels (3G, Wi-Fi, Bluetooth, etc.) and by providing a variety of security policies according to the characteristics of the company when you carry out important business with smart devices of the companies or individuals.

Security threat on mobile wireless communication

Security threat by using wireless LAN
• Packet sniffing on wireless LAN

Security threat by using Wibro
• Smart phones attack by unauthorized AP
• Attack through wireless signal Jamming
• Attack by managing message modulation

Security threat by using Bluetooth
• Vulnerability of directory search using Bluetooth
• Rebooting attack by using Bluetooth

Policy setting by group (control / block of smart phone devices)

Item               PB   RM   Branch Manager   Branch Employee   IT department
Camera / Capture   X    X    X                X                 X
Bluetooth          X    X    X                X                 O
Wi-Fi              O    O    X                X                 O
3G                 O    O    X                O                 X
USB Tethering      O    O    X                X                 X
Call               O    O    O                X                 O
GPS                O    O    O                X                 O

Policy setting based on location
[Diagram labels: 3G, Wi-Fi, Bluetooth, Tethering; Bluetooth, Wi-Fi, USB Tethering, 3G]
Encryption of communication network

Exafe MDM provides security by encrypting important information on networks, servers or devices, in cooperation with SSL, when you carry out important business with smart devices of the companies or individuals.

Management of security policy
- Encryption of sending and receiving data or Push service
- HTTPS/SSL integrated
• Encryption inside server
- User password
- Administrator password
- Main log information
• Web server
- Partial access through web server by devices
- Only access from trusted intranet by managing policy

[Diagram labels: User area, Server area, Administrator area]
Policy management based on condition

Exafe MDM can manage the asset by registering policies (GPS/WPS, Cell ID, access control integration, business hours, WhiteList) when you carry out important business with smart devices of the companies or individuals.

① Registering policy
② Defining policy condition
③ Defining target
④ Setting detail policy condition

[Diagram labels: Administrator (policy setting); Policy server; Policy transmission to devices (request devices); applying to policy (policy condition #1, policy condition #2); Integrated with UC (standard of changing policy condition)]

Policy condition #1: Company

Policy item        Set value
using camera       block
screen capture     block
Wi-Fi / AP         restriction of registered AP
3G                 block
Bluetooth          block

Policy condition #2: Home

Policy item        Set value
using camera       permit
screen capture     permit
Wi-Fi / AP         permit all
3G                 permit
Bluetooth          permit

※ When policy condition changed, Android changes configuration inside devices and iOS transmits changed configuration from a server to devices.
Managing log and statistic

Exafe MDM lets you use audit logs by recording the history of actions and reports when you carry out important business with smart devices of the companies or individuals.

• User access time, device authenticated time, successiveness, and recent access time to update the policy
• Present state of apps installation or policy distribution for each device
• History of administrator's act from manager console (daily recording files)
• Present state of stolen, lost, backup, recovery, installation of client and recent log

① User/device authentication history: audit to users, devices' authentication information
② Remote control history (for each personal device): processed result of remote control
③ Device transmission log: device's RAW log
Administrator's act
Monitoring smart devices

Exafe MDM can monitor in real time agent installation, operational state, user and group-specific policies state, application backup state, recovery state and lost or stolen reports, etc.

- Present situation of product installation
- Present situation of backup, recovery
- Present situation of stolen or lost devices
- Present situation of policy condition
07 Guide of mobile security build-up
[Diagram labels: Smart Mobile Security; Administrator console; Exafe server group; Exafe Crypto; Exafe mPKI server; Exafe Vaccine; Exafe AppDefence server; Exafe MDM server; Exafe MDM; Business APP; Exafe APP; Reflecting Exafe policy; Exafe mPKI; Exafe KeySec; Exafe AppDefence; Exafe Wall; Exafe RemoteCall; Personnel / organization information; Integrated with entrance access control; Entrance access control server; Business server]
You can trust Extrus, Inc. at any time.
Thanks.
[Product Inquiry] Extrus, Inc.
☎ +82-2-6959-0774 ⓔ-mail : [email protected]